We learned this past week that Apple’s iOS 8 will offer the ability to randomize the WiFi MAC address while it scans for wireless networks. While the feature itself seems appealing from a privacy perspective, it has me seeking to understand how they intend to implement it technically.

I’ve seen more than my fair share of duplicate IP address issues over the years, and I’m wondering how Apple is going to implement this feature so as to prevent duplicate MAC addresses. In the same vein, how is this change going to impact other systems? It’s obviously going to impact those solutions that promise to track customers through retail spaces. Although the proposed change by Apple only covers WiFi SSID scanning, once you connect to a guest/public hotspot iOS 8 will use the real WiFi MAC address, which can then be tracked. How will this impact an Access Point or Wireless LAN Controller? What if a wireless network utilizes band steering and probe response spoofing?

Anyone have any technical details regarding how they will actually randomize the MAC address?

I was recently speaking with a colleague in Germany who was commenting on the recent request for public comment around the OUI restructuring proposed by the IEEE RAC. You can find all the details in the draft document along with this presentation.

Unlike IPv4 addresses, which are 32 bits long, the Ethernet MAC address is 48 bits in length and can provide a total of 281.5 trillion possible addresses. The first 3 bytes (24 bits) are reserved for identifying the vendor or manufacturer, while the remaining 3 bytes (24 bits) are used to provide unique addresses to each device. As it exists today you could have 16.7 million unique addresses for each of 16.7 million unique vendors and/or manufacturers.
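As an added example (not from the original post, and not Apple’s implementation), the Python below splits an address into the OUI and device halves described above, reads the two IEEE 802 flag bits in the first octet, forms a randomised address the way locally administered addresses are meant to be formed, and tallies a constructed probe log by address type. The sample addresses are made up; the flag-bit layout is the IEEE 802 definition.

```python
import re
import secrets

# IEEE 802 flag bits in the first octet (the post's 24-bit OUI includes them):
#   0x01 I/G: 0 = unicast, 1 = group/multicast
#   0x02 U/L: 0 = universally administered (vendor OUI), 1 = locally administered
# Randomised addresses are normally flagged locally administered, so they can
# never collide with a vendor-assigned address.
IG_BIT, UL_BIT = 0x01, 0x02

# Constructed sample: probe-request senders as an access point might log them.
SAMPLE_PROBES = ["00:1A:2B:3C:4D:5E", "DA:A1:19:00:11:22",
                 "00:1A:2B:77:88:99", "01:00:5E:00:00:01"]
_MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}([:-]?)[0-9A-Fa-f]{2}(?:\1[0-9A-Fa-f]{2}){4}$")

def parse_mac(mac: str) -> bytes:
    """Accept aa:bb:cc:dd:ee:ff, aa-bb-cc-dd-ee-ff or aabbccddeeff."""
    if not _MAC_RE.match(mac):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(re.sub(r"[:-]", "", mac))

def classify_mac(mac: str) -> dict:
    """Split into the 3-byte OUI and 3-byte device part and decode the flag bits."""
    raw = parse_mac(mac)
    return {"oui": raw[:3].hex(":").upper(),
            "device": raw[3:].hex(":").upper(),
            "multicast": bool(raw[0] & IG_BIT),
            "locally_administered": bool(raw[0] & UL_BIT)}

def random_local_mac() -> str:
    """Random unicast address with U/L set and I/G cleared."""
    raw = bytearray(secrets.token_bytes(6))
    raw[0] = (raw[0] | UL_BIT) & ~IG_BIT & 0xFF
    return raw.hex(":").upper()

def summarise_probes(macs):
    """Defender's view of a probe log: vendor-OUI senders (trackable across visits) vs. the rest."""
    counts = {"vendor": 0, "locally_administered": 0, "multicast": 0}
    ouis = set()
    for m in macs:
        c = classify_mac(m)
        if c["multicast"]:
            counts["multicast"] += 1
        elif c["locally_administered"]:
            counts["locally_administered"] += 1
        else:
            counts["vendor"] += 1
            ouis.add(c["oui"])
    return counts, sorted(ouis)
```

Only the senders counted under "vendor" carry an OUI that can be looked up in the IEEE table; a locally administered address tells you nothing about the hardware behind it.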

What devices have MAC addresses assigned:

Hardwired Network Adapters
Wireless Network Adapters
Bluetooth Adapters

You can find a MAC address in any of the following devices:

Smartphone
Tablet
Laptop/Desktop
Server
Virtual Server
Printer
Cable STB (Set-Top Box)
Cable Router
Wireless Router
DVD/Blu-ray player
Bluetooth Headset
IP Phone
IP Camera
Video Conference System
Switch/Router/Bridge
Wireless Access Point

The IEEE is proposing a change to how those addresses are allocated, to make better use of wasted address space and to address virtualization challenges by creating large private address blocks for use within large virtualization deployments.

While a public IPv4 address needs to be unique across the entire Internet, a MAC address only needs to be unique within a Layer 2 network. It’s also worth noting that Layer 3 switches can have a unique MAC address for every port, so if you have a Layer 3 switch such as the Cisco Nexus 7010 or the Avaya VSP 9000 with 384 ports, you’ll have 384 unique MAC addresses in that switch.

I downloaded the latest OUI table and counted about 17,597 assignments, which means we have quite a way to go before we exhaust the address space. I don’t see any issue with the proposed changes, but I’m curious: what does everyone else think?